package com.liang.spring.test.filter;
  
import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.web.filter.OncePerRequestFilter;

import com.liang.spring.test.controller.entity.UserInfo;
  
/**
 * 过滤器  
 * @author think
 *
 */
public class SessionFilter extends OncePerRequestFilter {  
    @Override  
    protected void doFilterInternal(HttpServletRequest request,  
            HttpServletResponse response, FilterChain filterChain)  
            throws ServletException, IOException {  
  
        // 不过滤的uri  
        String[] notFilter = new String[] { "temp.jsp", "index.jsp", "reg.jsp", "css", "/js", "login", "check", "userInfo/add", "img" };  
  
        // 请求的uri  
        String uri = request.getRequestURI();  
        // uri中包含background时才进行过滤  
        if (uri.indexOf("spring") != -1) {  
            // 是否过滤  
            boolean doFilter = true;  
            for (String s : notFilter) {  
                if (uri.indexOf(s) != -1) {  
                    // 如果uri中包含不过滤的uri，则不进行过滤  
                    doFilter = false;  
                    break;  
                }  
            }  
            if (doFilter) {  
            	String path = request.getContextPath();
            	String basePath = request.getScheme() + "://" + request.getServerName() + ":" + request.getServerPort() + path + "/";
                // 执行过滤  
                // 从session中获取登录者实体  
                Object obj = request.getSession().getAttribute("user");  
                if (null == obj) {  
                    response.setContentType("text/html; charset=UTF-8");
                    PrintWriter out = response.getWriter();  
                    String loginPage = basePath + "index.jsp";  
                    StringBuilder builder = new StringBuilder();  
                    builder.append("<script type=\"text/javascript\">");  
                    builder.append("alert(\"尚未登录系统，请登录！\");");  
                    builder.append("window.top.location.href='");  
                    builder.append(loginPage);  
                    builder.append("';");  
                    builder.append("</script>");  
                    out.print(builder.toString());  
				} else if (uri.indexOf("selPersonalcredit.jsp") != -1 || uri.equalsIgnoreCase("/springTest/train.jsp")) {
					String fusername = (String) ((UserInfo) request.getSession().getAttribute("user")).getFusername();
					if (!fusername.equalsIgnoreCase("admin")) {
						response.setContentType("text/html; charset=UTF-8");
	                    PrintWriter out = response.getWriter();  
	                    String loginPage = basePath + "index.jsp";  
	                    StringBuilder builder = new StringBuilder();  
	                    builder.append("<script type=\"text/javascript\">");  
	                    builder.append("alert(\"您不是管理员，无权操作！\");");  
	                    builder.append("window.top.location.href='");  
	                    builder.append(loginPage);  
	                    builder.append("';");  
	                    builder.append("</script>");  
	                    out.print(builder.toString());  
					} else {
						 filterChain.doFilter(request, response);  
					}
                }
                 else {  
                    filterChain.doFilter(request, response);  
                }  
            } else {  
                filterChain.doFilter(request, response);  
            }  
        } else {  
            filterChain.doFilter(request, response);  
        }  
    }  
  
}  